Available article translations:

FileVault2 Encryption fails on macOS High Sierra

  • Parallels Mac Management


  • FileVault2 Encryption fails when domain mobile account is used.

  • Local administrator account is able to force the encryption just fine.

  • Issue is presented on machine running macOS High Sierra

  • pma_agent.log file on affected machine contains following entries:

    /FileVaultUtils:1001:1153/ Command is failed : /usr/bin/fdesetup [enable -inputplist -outputplist]
    /FileVaultUtils:1001:1153/ ExitCode : 38
    /FileVaultUtils:1001:1153/ ErrorCode : 5
  • Attempt to turn on FileVault2 encryption manually from System Preferences - Security & Privacy using domain mobile account will result in following error:

    Authentication server refused operation because the current credentials are not authorized for the requested operation.


Domain mobile account can no longer be used to force FileVault2 encryption on Macs running High Sierra. This limitation was implemented with one of recent macOS High Sierra updates. More information can be found in KB article from Apple Support


There is no possibility to bypass this limitation when using Parallels Mac Management hence starting from macOS High Sierra only local administrator accounts should be used to enable FileVault2 encryption on the Mac running macOS High Sierra


Was this article helpful?
Tell us how we may improve it.
Yes No